In this paper, the authors provide an in-depth analysis of the Not-Too-Safe Boot technique, which has been designed to bypass Endpoint Security Solutions like antivirus (AV), endpoint detection and response (EDR) and anti-tampering mechanisms remotely. This method builds on a local execution technique first published in 2007 and later utilized in a real world scenario by a ransomware in 2019.
4ab12a59151aa94280a3b9d4b96f18a83bea50df9c1d7059e19c8266fbd31001